[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 30 21:10:35 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9d0e50d8 by security tracker role at 2019-08-30T20:10:21Z
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,65 +1,71 @@
-CVE-2019-15842
+CVE-2019-15845
RESERVED
-CVE-2019-15841
+CVE-2019-15844
RESERVED
-CVE-2019-15840
- RESERVED
-CVE-2019-15839
- RESERVED
-CVE-2019-15838
- RESERVED
-CVE-2019-15837
- RESERVED
-CVE-2019-15836
- RESERVED
-CVE-2019-15835
- RESERVED
-CVE-2019-15834
- RESERVED
-CVE-2019-15833
- RESERVED
-CVE-2019-15832
- RESERVED
-CVE-2019-15831
- RESERVED
-CVE-2019-15830
- RESERVED
-CVE-2019-15829
- RESERVED
-CVE-2019-15828
- RESERVED
-CVE-2019-15827
- RESERVED
-CVE-2019-15826
- RESERVED
-CVE-2019-15825
- RESERVED
-CVE-2019-15824
- RESERVED
-CVE-2019-15823
- RESERVED
-CVE-2019-15822
- RESERVED
-CVE-2019-15821
- RESERVED
-CVE-2019-15820
- RESERVED
-CVE-2019-15819
- RESERVED
-CVE-2019-15818
- RESERVED
-CVE-2019-15817
- RESERVED
-CVE-2019-15816
+CVE-2019-15843
RESERVED
+CVE-2019-15842 (The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress ...)
+ TODO: check
+CVE-2019-15841 (The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CS ...)
+ TODO: check
+CVE-2019-15840 (The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CS ...)
+ TODO: check
+CVE-2019-15839 (The sina-extension-for-elementor plugin before 2.2.1 for WordPress has ...)
+ TODO: check
+CVE-2019-15838 (The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS ...)
+ TODO: check
+CVE-2019-15837 (The webp-express plugin before 0.14.8 for WordPress has stored XSS. ...)
+ TODO: check
+CVE-2019-15836 (The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored X ...)
+ TODO: check
+CVE-2019-15835 (The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15834 (The webp-converter-for-media plugin before 1.0.3 for WordPress has CSR ...)
+ TODO: check
+CVE-2019-15833 (The simple-mail-address-encoder plugin before 1.7 for WordPress has re ...)
+ TODO: check
+CVE-2019-15832 (The visitors-traffic-real-time-statistics plugin before 1.13 for WordP ...)
+ TODO: check
+CVE-2019-15831 (The visitors-traffic-real-time-statistics plugin before 1.12 for WordP ...)
+ TODO: check
+CVE-2019-15830 (The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. ...)
+ TODO: check
+CVE-2019-15829 (The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp ...)
+ TODO: check
+CVE-2019-15828 (The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. ...)
+ TODO: check
+CVE-2019-15827 (The onesignal-free-web-push-notifications plugin before 1.17.8 for Wor ...)
+ TODO: check
+CVE-2019-15826 (The wps-hide-login plugin before 1.5.3 for WordPress has a protection ...)
+ TODO: check
+CVE-2019-15825 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=rp& ...)
+ TODO: check
+CVE-2019-15824 (The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash ...)
+ TODO: check
+CVE-2019-15823 (The wps-hide-login plugin before 1.5.3 for WordPress has an action=con ...)
+ TODO: check
+CVE-2019-15822 (The wps-child-theme-generator plugin before 1.2 for WordPress has clas ...)
+ TODO: check
+CVE-2019-15821 (The bold-page-builder plugin before 2.3.2 for WordPress has no protect ...)
+ TODO: check
+CVE-2019-15820 (The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no ...)
+ TODO: check
+CVE-2019-15819 (The nd-restaurant-reservations plugin before 1.5 for WordPress has no ...)
+ TODO: check
+CVE-2019-15818 (The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for ...)
+ TODO: check
+CVE-2019-15817 (The easy-property-listings plugin before 3.4 for WordPress has XSS. ...)
+ TODO: check
+CVE-2019-15816 (The wp-private-content-plus plugin before 2.0 for WordPress has no pro ...)
+ TODO: check
CVE-2019-15815
RESERVED
CVE-2019-15814
RESERVED
CVE-2019-15813
RESERVED
-CVE-2015-9380
- RESERVED
+CVE-2015-9380 (The photo-gallery plugin before 1.2.42 for WordPress has CSRF. ...)
+ TODO: check
CVE-2019-15812
RESERVED
CVE-2019-15811 (In DomainMOD through 4.13, the parameter daterange in the file reporti ...)
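Review bot: The entries published at the top of this hunk (CVE-2019-15842 down to CVE-2019-15816, plus CVE-2015-9380) all land as `TODO: check`, although each description reads as a WordPress plugin issue. The same file already triages this kind of entry, for example `NOT-FOR-US: ninja-forms plugin for WordPress` under CVE-2019-15025. A follow-up commit should replace these TODOs with matching NOT-FOR-US lines, unless one of the plugins turns out to be packaged, so that the backlog of open TODOs does not bury the entries that need real triage.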
@@ -555,8 +561,8 @@ CVE-2019-15632
RESERVED
CVE-2019-15631
RESERVED
-CVE-2019-15630
- RESERVED
+CVE-2019-15630 (Directory Traversal in APIkit, http-connector, and OAuth2 Provider mod ...)
+ TODO: check
CVE-2019-15629
RESERVED
CVE-2019-15628
@@ -2278,8 +2284,8 @@ CVE-2019-15028 (In Joomla! before 3.9.11, inadequate checks in com_contact could
NOT-FOR-US: Joomla!
CVE-2019-15027 (The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on ...)
TODO: check
-CVE-2019-15026
- RESERVED
+CVE-2019-15026 (memcached 1.5.16, when UNIX sockets are used, has a stack-based buffer ...)
+ TODO: check
CVE-2019-15025 (The ninja-forms plugin before 3.3.21.2 for WordPress has SQL injection ...)
NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2018-20968 (The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. ...)
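Review bot: CVE-2019-15026 should be triaged ahead of the other `TODO: check` entries in this update, because its description names memcached 1.5.16, a packaged daemon, while its neighbours in this hunk are NOT-FOR-US web software. The TODO should be replaced with a `- memcached` package line once it is established which packaged versions contain the affected code, keeping in mind that the description limits the stack-based buffer issue to setups where UNIX sockets are used.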
@@ -3814,6 +3820,7 @@ CVE-2019-14468 (GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c
CVE-2019-14467
RESERVED
CVE-2019-14466 [GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection.]
+ RESERVED
- gosa <unfixed>
NOTE: https://github.com/gosa-project/gosa-core/commit/e1504e9765db2adde8b4685b5c93fbba57df868b (fix)
NOTE: https://github.com/gosa-project/gosa-core/commit/90b674960335d888c76ca5e99027df8e7fa66f3a (fixing the prev commit)
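Review bot: The `RESERVED` line added under CVE-2019-14466 lands on an entry that already has a tracker-written bracketed description, a `- gosa <unfixed>` package line and two NOTE lines pointing at upstream fix commits, so here the flag does not mean that nothing is known. It is worth confirming that anything which filters on RESERVED still reports this entry as open for gosa, and that `<unfixed>` is replaced with a version once the two referenced commits reach the package.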
@@ -9623,8 +9630,8 @@ CVE-2019-12812
RESERVED
CVE-2019-12811
RESERVED
-CVE-2019-12810
- RESERVED
+CVE-2019-12810 (A memory corruption vulnerability exists in the .PSD parsing functiona ...)
+ TODO: check
CVE-2019-12809 (Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contai ...)
NOT-FOR-US: Yes24ViewerX ActiveX Control
CVE-2019-12808 (ALTOOLS update service 18.1 and earlier versions contains a local priv ...)
@@ -38501,10 +38508,10 @@ CVE-2019-2392
RESERVED
CVE-2019-2391
RESERVED
-CVE-2019-2390
- RESERVED
-CVE-2019-2389
- RESERVED
+CVE-2019-2390 (An unprivileged user or program on Microsoft Windows which can create ...)
+ TODO: check
+CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged SysV ...)
+ TODO: check
CVE-2019-2388
RESERVED
CVE-2019-2387
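Review bot: CVE-2019-2390 and CVE-2019-2389 both receive `TODO: check` here but call for different handling. The first description begins "An unprivileged user or program on Microsoft Windows", which points to a platform-specific issue, while the second concerns kill operations in "MongoDB Server's packaged SysV ..." and needs to be compared against whatever init scripts the package ships. They should be triaged as two separate decisions rather than closed with one shared annotation.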
@@ -63108,23 +63115,23 @@ CVE-2018-12442
CVE-2018-12441 (The CorsairService Service in Corsair Utility Engine is installed with ...)
NOT-FOR-US: Corsair
CVE-2017-18341
- RESERVED
+ REJECTED
CVE-2017-18340
- RESERVED
+ REJECTED
CVE-2017-18339
- RESERVED
+ REJECTED
CVE-2017-18338
- RESERVED
+ REJECTED
CVE-2017-18337
- RESERVED
+ REJECTED
CVE-2017-18336
- RESERVED
+ REJECTED
CVE-2017-18335
- RESERVED
+ REJECTED
CVE-2017-18334
- RESERVED
+ REJECTED
CVE-2017-18333
- RESERVED
+ REJECTED
CVE-2017-18332 (Security keys are logged when any WCDMA call is configured or reconfig ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2017-18331 (Improper access control on secure display buffers in snapdragon automo ...)
@@ -63140,7 +63147,7 @@ CVE-2017-18327 (Security keys are logged when any WCDMA call is configured or re
CVE-2017-18326 (Cryptographic keys are printed in modem debug messages in snapdragon m ...)
NOT-FOR-US: snapdragon
CVE-2017-18325
- RESERVED
+ REJECTED
CVE-2017-18324 (Cryptographic key material leaked in debug messages - GERAN in snapdra ...)
NOT-FOR-US: snapdragon
CVE-2017-18323 (Cryptographic key material leaked in TDSCDMA RRC debug messages in sna ...)
@@ -64539,7 +64546,7 @@ CVE-2018-11991
CVE-2018-11990
RESERVED
CVE-2018-11989
- RESERVED
+ REJECTED
CVE-2018-11988 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11987 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
@@ -64564,25 +64571,25 @@ CVE-2018-11980
CVE-2018-11979
RESERVED
CVE-2018-11978
- RESERVED
+ REJECTED
CVE-2018-11977
- RESERVED
+ REJECTED
CVE-2018-11976 (ECDSA signature code leaks private keys from secure world to non-secur ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11975
- RESERVED
+ REJECTED
CVE-2018-11974
- RESERVED
+ REJECTED
CVE-2018-11973
- RESERVED
+ REJECTED
CVE-2018-11972
- RESERVED
+ REJECTED
CVE-2018-11971 (Interrupt exit code flow may undermine access control policy set forth ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11970 (TZ App dynamic allocations not protected from XBL loader in Snapdragon ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11969
- RESERVED
+ REJECTED
CVE-2018-11968 (Improper check before assigning value can lead to integer overflow in ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11967 (Signature verification of the skel library could potentially be disabl ...)
@@ -64602,7 +64609,7 @@ CVE-2018-11961 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-11960 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
NOT-FOR-US: CodeAurora components for Android
CVE-2018-11959
- RESERVED
+ REJECTED
CVE-2018-11958 (Insufficient protection of keys in keypad can lead HLOS to gain access ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11957
@@ -64639,7 +64646,7 @@ CVE-2018-11943 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
CVE-2018-11942 (Failure to initialize the reserved memory which is sent to the firmwar ...)
NOT-FOR-US: Snapdragon
CVE-2018-11941
- RESERVED
+ REJECTED
CVE-2018-11940 (Lack of check in length before using memcpy in WLAN function can lead ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11939 (Use after issue in WLAN function due to multiple ACS scan requests at ...)
@@ -64655,7 +64662,7 @@ CVE-2018-11935 (Improper input validation might result in incorrect app id retur
CVE-2018-11934 (Possible out of bounds write due to improper input validation while pr ...)
NOT-FOR-US: Snapdragon
CVE-2018-11933
- RESERVED
+ REJECTED
CVE-2018-11932 (Improper input validation can lead RW access to secure subsystem from ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11931 (Improper access to HLOS is possible while transferring memory to CPZ i ...)
@@ -64871,7 +64878,7 @@ CVE-2018-11827 (In all android releases (Android for MSM, Firefox OS for MSM, QR
CVE-2018-11826 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11825
- RESERVED
+ REJECTED
CVE-2018-11824 (A stack-based buffer overflow can occur in a firmware routine in Snapd ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2018-11823 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
@@ -111695,7 +111702,7 @@ CVE-2016-10502 (While generating trusted application id, An integer overflow can
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
- RESERVED
+ REJECTED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -111719,7 +111726,7 @@ CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
- RESERVED
+ REJECTED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -111755,21 +111762,21 @@ CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
- RESERVED
+ REJECTED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
- RESERVED
+ REJECTED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
- RESERVED
+ REJECTED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
- RESERVED
+ REJECTED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -111789,7 +111796,7 @@ CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
- RESERVED
+ REJECTED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -111869,7 +111876,7 @@ CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
- RESERVED
+ REJECTED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -112134,7 +112141,7 @@ CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Q
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
- RESERVED
+ REJECTED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -112154,9 +112161,9 @@ CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
- RESERVED
+ REJECTED
CVE-2014-10060
- RESERVED
+ REJECTED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -112178,7 +112185,7 @@ CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
- RESERVED
+ REJECTED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
@@ -122792,7 +122799,7 @@ CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.2
NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
- RESERVED
+ REJECTED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...)
NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9d0e50d8338622eca10e20708e0b55d5efa308f4